amazon.com

Group: babuk2

Discovered by ransomware.live: 2025-03-20

Estimated attack date: 2025-03-20

Country: US

Description:

amazon.com


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1836

Compromised Users: 5214163

Third Party Employee Credentials: 3607


External Attack Surface: 200



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusecomplaints markmonitor.com
  • hostmaster amazon.com
  • whoisrequest markmonitor.com
MX Records
  • amazon-smtp.amazon.com.
TXT Records
  • v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all
  • spf2.0/pra include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Box
  • Salesforce
  • Stripe
  • LucidLink
  • Autodesk
  • Cisco
  • Zoom
